Pwnie Award nominees are out
The first annual Pwnie Awards have now published their list of nominees for 2007 and will be presenting the awards today at Blackhat Las Vegas. This extremely irreverent award was announced in July by security researcher Alexander Sotirov with the awards in the following categories:
- Best Server-Side Bug
- Best Client-Side Bug
- Mass 0wnage
- Most Innovative Research
- Lamest Vendor Response
- Most Overhyped Bug
- Best Song
It’s always a good time when insiders poke fun at the security industry. The nominations are a good read. They’d be hilarious if they weren’t such a tragic illustration of the state of software today.
“Lamest vendor response” is my favorite category… when security is the last thing considered by software developers (assuming it’s considered at all), vendor action is critical. By now most vendors have learned to stop attacking security researchers who audit their products for free, but denial and downplaying the importance of flaws is still common. When serious flaws were reported in forensic tool EnCase (darling of law enforcement everywhere), the vendor reaction was a classic downplay and dismiss. One response tearing their argument apart was also classic.
Update: The “winners” have been announced.
Related posts: